Vulnerabilities > TUG > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-05-20 | CVE-2023-32700 | LuaTeX before 1.17.0 allows execution of arbitrary shell commands when compiling a TeX file obtained from an untrusted source. | 7.8 |
2011-01-07 | CVE-2010-2642 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the AFM font parser in the dvi-backend component in Evince 2.32 and earlier, teTeX 3.0, t1lib 5.1.2, and possibly other products allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer. | 7.6 |